Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Interface
  3. Articles

Exinda CLI: Policies

Overview

 

This article provides information regarding the Exinda CLI command policy

You can use the policy command to create a new Optimizer policy. Policies can then be used in Optimizer virtual circuits.

 

Information

 

NOTE:  The following syntax convention is used:
  • {}: Options are enclosed in braces and are separated by '|'
  • []: Optional keywords are enclosed in brackets
  • <>: User input is required where variables are enclosed in greater-than and less-than symbols

The following table describes the commands used for performing common actions related to policies:

 

 Action Description Command

Parameter Description 
To configure the policy's action to discard (block) policy <policy-name> action discard {first-packet}

action discard first-packet - Discard only the first packet in a connection
To configure the policy's action to ignore (monitor)  policy <policy-name> action ignore 

This allows the packets to pass unaffected through the appliance which monitors the traffic
To configure the policy's action to optimize by shaping the bandwidth  policy <policy-name> action optimize qos {bandwidth|enable|priority}
  • qos bandwidth guaranteed <num> {kbps|%} - Configure the policy's guaranteed bandwidth either as kbps or as a percentage of the parent's virtual circuit's bandwidth
  • qos bandwidth burst <num> {kbps|%} - Configure the policy's burst bandwidth either as kbps or as a percentage of the parent's virtual circuit's bandwidth
  • qos enable - Enable the QoS (Quality of Service) action for the policy
  • qos priority <priority (1-10)> - Set the burst priority ranging from 1 (high) to 5 (normal) to 10 (low). If excess bandwidth is available, the burst priority is used to decide how excess bandwidth is distributed. Policies with a higher burst priority will be preferred when allocating excess bandwidth
To configure the policy's action to optimize by accelerating policy <policy-name> action optimize aa {enable|reduction-type|type}

aa enable - Enable application acceleration for this policy. 
policy <policy-name> action optimize aa reduction-type {disk|lz|none}

Specify the reduction technique:

  • disk - De-duplicate the traffic. The appliance's hard disk drive is used to store the deduplication patterns.
  • lz - Compress the traffic using a network optimized LZ compression algorithm.
  • none - Do not attempt to reduce the traffic. The traffic will still be accelerated.
policy <policy-name> action optimize aa type {acceleration|compression|edge-cache}

Specify the type of acceleration:

  • acceleration - Enable full application acceleration
  • compression - Enable legacy compression
  • edge-cache - Enable Edge Cache
To configure the policy's action to optimize by marking packets  policy <policy-name> action optimize mark {dscp|tos|vlan}
  • mark dscp <DSCP mark (0-63)> - Specify which DSCP (Differentiated Services Code Point) mark to put in the IP header of each packet
  • mark tos {normal|min-cost|max-reliability|max-throughput|min-delay} - Set the ToS (Terms of Service) mark to put in the IP header of each packet
  • mark vlan {id <VLAN id (0-4094)>} {priority <VLAN priority (0-7)>} - Specify which VLAN ID and priority to rewrite for each packet. Rewrite the 802.1Q VLAN ID and/or Priority only if an existing VLAN header is present. This is a packet-based VLAN rewrite feature. Only packets matching this policy will be rewritten. Other packets that do not match this policy may be required to be rewritten in order for this feature to work (including non-IP packets such as ARP, which are not even processed by the Optimizer). Ensure that your topology supports this method of rewriting VLAN IDs before using this feature
To configure the policy's action to redirect to a webpage (HTTP Redirect)  

policy <policy-name> action redirect type http_redirect

 Not Applicable 
policy <policy-name> action redirect value <url>

value <url> - Specify the URL that you want to redirect the traffic to
To configure the policy's action to return a HTML response 

policy <policy-name> action redirect type html_response

 Not Applicable 
policy <policy-name> action redirect value <url>

value <url> - Specify the HTML to send back to the client
To configure the policy to only be active for a particular schedule policy <policy-name> schedule <schedule-name>

schedule <schedule-name> - Specify the schedule by name for when this policy will be active. Note the default is 'ALWAYS'
To configure the rules that will be used to filter the traffic to determine if this policy will apply to the traffic policy <policy-name> filter <filter-num>

filter <filter-num> - Specify the order number of the filter. The numbered filter allows you to tie together several CLI commands into a single filter
policy <policy-name> filter <filter-num> app-group <name>

app-group <name> - Specify an application group to match against the traffic
policy <policy-name> filter <filter-num> app-name <name>

app-name <name> - Specify a single application to match against the traffic
policy <policy-name> filter <filter-num> direction {inbound|outbound|both}

direction {inbound|outbound|both} - Specify the traffic direction relative to the appliance. Options are inbound, outbound, or bi-directional.
policy <policy-name> filter <filter-num> dscp <num>

dscp <num> - Specify a DSCP (Differentiated Services Code Point) value to match against the traffic
policy <policy-name> filter <filter-num> network-object {destination|source} <name>

network-object {destination|source} <name> - Specify the source or destination network object to match against the traffic
policy <policy-name> filter <filter-num> tos {normal|min-cost|max-reliability|max-throughput|min-delay}

tos {normal|min-cost|max-reliability|max-throughput|min-delay} - Specify a ToS name to match against the traffic
policy <policy-name> filter <filter-num> vlan <name>

vlan <name> - Specify a VLAN object to match against the traffic
To enable the policy

policy <policy-name> enable

 Not Applicable 

 

Example

  • Create an Optimizer Policy that matches all traffic belonging to the 'Web' Application Group and guarantees 20% of the bandwidth to that traffic, allowing it to burst to 100%.

    policy Policy_1
    policy Policy_1 schedule ALWAYS
    policy Policy_1 action optimize
    policy Policy_1 action optimize qos bandwidth burst 100 %
    policy Policy_1 action optimize qos bandwidth guaranteed 20 %
    policy Policy_1 action optimize qos priority 2
    policy Policy_1 action optimize qos enable
    policy Policy_1 filter 1
    policy Policy_1 filter 1 app-group Web
    policy Policy_1 filter 1 network-object destination ALL
    policy Policy_1 filter 1 direction both
    policy Policy_1 filter 1 network-object source ALL

     

  • Redirect traffic to http://mysystem.mycompany.com/login

    policy myPolicy
    policy myPolicy action redirect
    policy myPolicy action redirect type http_redirect
    policy myPolicy action redirect value "http://mysystem.mycompany.com/login"
    policy myPolicy filter 3
    policy myPolicy filter 3 app-name HTTP
    policy myPolicy filter 3 app-name HTTP-ALT
    policy myPolicy filter 3 app-name HTTPS

     

  • Redirect traffic to http://mysystem.mycompany.com/login

    policy myPolicy
    policy myPolicy action redirect
    policy myPolicy action redirect type html_response
    policy myPolicy action redirect value "Two Hours Exceeded"
    policy myPolicy filter 3
    policy myPolicy filter 3 app-name HTTP
    policy myPolicy filter 3 app-name HTTP-ALT
    policy myPolicy filter 3 app-name HTTPS
     Note that "Two Hours Exceeded" is the name of a pre-defined HTML Response object.

     

Find more CLI commands.

Back to Top

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments